Oh, I completely forgot about the username issues, but here's what I
found out: you'll need every name in the authz file at least twice
(three times for good measure). Windows isn't case-sensitive, but Svn
is, so you'll need one with domain and username in all caps and one with
just the username in all lowercase chars. To make it slightly simpler on
users, I recommend you add a third with the domain and username in all
lowercase chars. Here's an excerpt from mine:
[groups]
svn-admin = DOMAIN\FLANAKINM, domain\flanakinm, flanakinm
[/]
@svn-admin = rw
Michael
________________________________
From: Frank Gruman [mailto:fgatwork@verizon.net]
Sent: Wednesday, December 07, 2005 3:05 PM
To: Deepak Balasubramaniam
Cc: Kyle Kline; users@subversion.tigris.org
Subject: Re: Windows domain authentication error
Deepak Balasubramaniam wrote:
Hi Kyle,
Thanks for replying. I tried using the format you specified
but still i get the same error.
Regards,
Deepak
On 12/7/05, Kyle Kline <kyle.kline@gmail.com> wrote:
if the name of your repo is truly svntest, then the perm
entry should look like this:
[svntest:/]
Deepak.B = rw
On 12/7/05, Deepak Balasubramaniam <
deepakbalasubramaniam@gmail.com <mailto:deepakbalasubramaniam@gmail.com>
> wrote:
Hi All,
We are currently in the process of
migrating our Version management from VSS to SVN. I was trying to setup
the windows domain authentication for SVN and followed all the steps
mentioned at http://www.subversionary.org/sspidomainauth. But when i try
to access the repository i get an Authenticantion denied error. I have
given the info from apache error.log below. We have installed apache
2.0.55 and SVN 1.2.3 .
The entry i have in apache conf file is:
<Location "/test">
dav svn
SVNPath "d:/svntest"
# our user authentication policy
AuthName "SVN Server"
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIDomain nazcasolutions
SSPIOfferBasic on #let non-IE clients
authenticate
#SSPIOmitDomain On # keep domain name in
userid string
# passed down to
mod_authz_svn
Require valid-user # A Require directive
may? prevent userid
# strings from being
passed down to mod_authz_svn
# our access control policy enforced by
mod_authz_svn
AuthzSVNAccessFile
"d:/svndav/svnaccess.conf"
</Location>
The entry i have in svnaccess.conf file is:
[test]
Deepak.B = rw
The error i get in error.log is:
[Wed Dec 07 12:31:12 2005] [notice]
Apache/2.0.55 (Win32) SVN/1.2.3 DAV/2 mod_auth_sspi/1.0.3 configured --
resuming normal operations
[Wed Dec 07 12:31:12 2005] [notice] Server
built: Oct 9 2005 19:16:56
[Wed Dec 07 12:31:12 2005] [notice] Parent:
Created child process 3732
[Wed Dec 07 12:31:12 2005] [notice] Child 3732:
Child process is running
[Wed Dec 07 12:31:13 2005] [notice] Child 448:
Released the start mutex
[Wed Dec 07 12:31:13 2005] [notice] Child 3732:
Acquired the start mutex.
[Wed Dec 07 12:31:13 2005] [notice] Child 3732:
Starting 250 worker threads.
[Wed Dec 07 12:31:14 2005] [notice] Child 448:
Waiting for 250 worker threads to exit.
[Wed Dec 07 12:31:14 2005] [notice] Child 448:
All worker threads have exited.
[Wed Dec 07 12:31:14 2005] [notice] Child 448:
Child process is exiting
[Wed Dec 07 12:48:05 2005] [error] [client
10.1.1.102 <http://10.1.1.102/> ] Access denied:
'nazcasolutions\\Deepak.B' PROPFIND test:/trunk
Try one of these things (but not necessarily all at the same time):
1 - don't use your domain name when logging in. You are already
specifying a domain in your SSPI configuration.
2 - Add your domain name in front of your username in your AUTHZ file.
3 - Uncomment the SSPIOmitDomain directive. If the domain is provided
on the front end, this should strip it off and provide the name only to
the authentication level.
m2c
Regards,
Frank
Received on Wed Dec 7 22:23:58 2005